package single.shop.web.filter;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class RequestWrapper extends HttpServletRequestWrapper{

    //-------------------相同参数取第一个------------------
    private static final Map<String, String> singleParamMap = new HashMap<String, String>();
    
    static {
        singleParamMap.put("cityid", null);
        singleParamMap.put("queryCityid", null);
        singleParamMap.put("areaId", null);
        singleParamMap.put("busiCircleId", null);
        singleParamMap.put("fcId", null);
        singleParamMap.put("scId", null);
        singleParamMap.put("pageNo", null);
    }
    
	public RequestWrapper(HttpServletRequest request) {
		super(request);
	}
	public String[] getParameterValues(String parameter) {
	      String[] values = super.getParameterValues(parameter);
	      if (values==null)  {
	                  return null;
	          }
	      String[] encodedValues = null;
	      if (singleParamMap.containsKey(parameter)) {
	          //---------取第一个----
    	      int count = values.length > 1 ? 1 : values.length;
    	      encodedValues = new String[count];
    	      for (int i = 0; i < count; i++) {
    	                 encodedValues[i] = cleanXSS(values[i]);
    	      }
	      } else {
	          int count = values.length;
	          encodedValues = new String[count];
	          for (int i = 0; i < count; i++) {
	                     encodedValues[i] = cleanXSS(values[i]);
	          }
	      }
	      return encodedValues;
	    }
	    public String getParameter(String parameter) {
	          String value = super.getParameter(parameter);
	          if (value == null) {
	                 return null;
	                  }
	          return cleanXSS(value);
	    }
	    public String getHeader(String name) {
	        String value = super.getHeader(name);
	        if (value == null)
	            return null;
	        return cleanXSS(value);
	    }
	    private String cleanXSS(String value) {
	                //You'll need to remove the spaces from the html entities below
	        value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");
	      //value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
	        value = value.replaceAll("'", "& #39;");
	      //value = value.replaceAll("eval\\((.*)\\)", "");
	      //value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
	        value = value.replaceAll("script", "");
	        value = value.replaceAll("\r\n", "");
	        value = value.replaceAll("\r", "");
	        value = value.replaceAll("\n", "");
	        return value;
	    }

}
